1566 matches found
CVE-2024-42172 HCL MyXalytics is affected by broken authentication
HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application wi...
CVE-2024-42172
CVE-2024-42172 affects HCL MyXalytics and is described as a broken authentication vulnerability. The provided sources state attackers could compromise keys, passwords, and session tokens, potentially leading to identity theft and full system control. The underlying cause is attributed to poor con...
PT-2025-2622 · Hcl · Hcl Myxalytics
Name of the Vulnerable Software and Affected Versions: HCL MyXalytics affected versions not specified Description: The issue arises from broken authentication, allowing attackers to compromise keys, passwords, and session tokens. This can potentially lead to identity theft and system control. The...
The vulnerability of the scpi_dvfs_get_info() function in the System Control and Power Interface (SCPI) Message Protocol Driver (drivers/firmware/arm_scpi.c) in Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the scpidvfsgetinfo function in the System Control and Power Interface SCPI Message Protocol Driver drivers/firmware/armscpi.c in Linux kernel systems is related to a pointer arithmetic error. Exploiting this vulnerability could allow an attacker to cause a service failure...
Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data
Fortinet discovers two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, designed to steal data, capture keystrokes, and gain system control. Learn about their malicious behavior and how to protect yourself...
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code and gain full control over the system.
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to type mixing errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and gain full control over the system...
Apple Releases Security Updates for Multiple Products
Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates:...
DEBIAN-CVE-2024-53069
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: fix a NULL-pointer dereference Some SCM calls can be invoked with scm being NULL the driver may not have been and will not be probed as there's no SCM entry in device-tree. Make sure we don't dereference a NU...
Fortinet Releases Security Updates for Multiple Products
Fortinet has released security updates to address vulnerabilities in multiple products, including FortiOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply...
kernel: clk: imx: scu: use _safe list iterator to avoid a use after free
A use-after-free flaw was found in the Linux kernel's i.MX system control unit clock driver in the error cleanup path. A local user can trigger this issue during clock initialization failure scenarios on i.MX hardware with System Control Unit firmware, where the cleanup loop incorrectly uses a...
kernel: ELF: fix kernel.randomize_va_space double read
In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomizevaspace double read ELF loader uses "randomizevaspace" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...
Cisco Adaptive Security Appliance Software SSH Remote Command Injection Vulnerability (cisco-sa-asa-ssh-rce-gRAuPEUF)
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...
Exploit for Use of Incorrectly-Resolved Name or Reference in Zohocorp Manageengine_Adselfservice_Plus
CVE-2021-40539 CVE-2021-40539: ADSelfService Plus RCE Vulner...
ABB Cylon Aspect 3.07.02 (user.properties) Default Credentials
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller uses a weak set of default administrative...
Microsoft Releases October 2024 Security Updates
Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft...
CVE-2024-6983
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the...
CVE-2024-6983
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the...
CVE-2024-6983 Remote Code Execution in mudler/localai
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the...
CVE-2024-6983 Remote Code Execution in mudler/localai
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the...
UBUNTU-CVE-2024-46826
In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomizevaspace double read ELF loader uses "randomizevaspace" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...